Processor core architecture targets functional safety

TOKYO — Arm unveiled Wednesday a new program called “Arm Safety Ready” for its ecosystem partners, and an upgraded processing core called Cortex-A76AE — integrated with split-lock safety features — for SoC designers. Both respond directly to the clamor for greater safety in the era of Advanced Driver Assistance Systems (ADAS) and autonomous driving.

Asked about the biggest challenges facing the automotive industry today, Lakshmi Mandyam, vice president of the embedded and automotive business at Arm, told EE Times in a phone interview: “a simpler and easier way to implement safety,” and “a scalable platform requirement.”

Calling ADAS “a foundation of autonomy,” Mandyam noted that Arm is “leading the charge for safety” by creating an easier path for both system developers and chip designers to execute and advance the safety of highly automated vehicles.

While Arm hopes to accelerate mass-marketing autonomous driving by offering its safety program and processors, leading automotive chip vendors were not waiting around for Arm to show them the way to safety in SoCs. Nvidia, NXP, Renesas and Intel/Mobileye, for example, have already developed and implemented safety features in their chips, the first three using Arm cores and Intel/Mobile on MIPS.

ASIL DJim McGregor, founder of Tirias Research, explained, “Automotive safety is done at many levels, including silicon, software, system, and the entire platform.”

He noted, “The level of safety depends on the applications, but generally you have to ensure a certain level of reliability and failover protection for command and control systems.” As a result, “This goes into the SoC design through secure environments, redundant processing on-chip or between chips, fail-safe instructions, etc. All of this is, then, designed in with the rest of the platform.”

If so, what are typical ways to implement safety inside vehicles?

For example, “You may have two cores or two independent MCUs or MPUs executing in lockstep in case one fails, or to determine if there is a dependency in the information,” explained McGregor. In current cars, this is limited to specific control functions. But he predicted that in autonomous vehicles, this much redundancy will be required in just about every system.

Asked about how current automotive SoCs comply with ASIL (Automotive Safety Integrity Level) certification requirements, Mike Demler, senior analyst at the Linley Group, said: “To support ASIL D in the Xavier SoC, Nvidia, for example, implemented a custom lockstep mechanism and other features,” because ASIL C and D require redundancy.

Demler said, “Up till now, Arm supported these automotive requirements with Cortex-R. NXP and Renesas have used those CPU cores in their safety islands,” he added.

Cortex-A76AEArm is introducing Cortex-A76AE, which it describes as “the industry’s first high-performance application processor with split-lock capability, combining the processing performance required for autonomous applications and high-integrity safety.”

Cortex-A76AE is also designed to gun for performance per watt. Mandyam said that an SoC with autonomous-class performance at 250 KDMIPS typically consumes about 30W SoC. In contrast, an SoC with similar compute complex based on 6 core Cortex-A76AE configuration with CMN-600AE at 7nm would need only 15W, she noted.

Demler said, “Cortex-A76 is Arm’s highest performance CPU, so it gives the automobile-chip designers a big boost in performance compared to the older 32-bit Cortex-R CPUs.” He added, “The new split/locked option is a feature the Cortex-R cores don’t support.”